1. This opinion contains indications relating to the following items:



Basis of the opinion 
Priority 

Non-establishment of opinion with regard to novelty, inventive step and industrial applicability 
Lack of unity of invention 

Reasoned statement under Rule 43bis.1(a)(i) with regard to novelty, inventive step or industrial
applicability; citations and explanations supporting such statement 

Certain documents cited 

Certain defects in the international application 

Certain observations on the international application 

2. FURTHER ACTION 

If a demand for international preliminary examination is made, this opinion will be considered to be a written opinion of the 
International Preliminary Examining Authority ("IPEA") except that this does not apply where the applicant chooses an 
Authority other than this one to be the IPEA and the chosen IPEA has notified the International Bureau under Rule 66.1bis(b)
that written opinions of this International Searching Authority will not be so considered. 

If this opinion is, as provided above, considered to be a written opinion of the IPEA, the applicant is invited to submit to the 
IPEA a written reply together, where appropriate, with amendments, before the expiration of 3 months from the date of 
mailing of Form PCT/ISA/220 or before the expiration of 22 months from the priority date, whichever expires later. 

For further options, see Form PCT/ISA/220. 
Box No. I Basis of this opinion



1. With regard to the language, this opinion has been established on the basis of the international application in the language in which
it was filed, unless otherwise indicated under this item. 

| | This opinion has been established on the basis of a translation from the original language into the following language



which is the language of a translation furnished for the purposes of international search (under Rules 12.3 and 23.1(b)).

2. With regard to any nucleotide and/or amino acid sequence disclosed in the international application and necessary to the 
claimed invention, this opinion has been established on the basis of: 

a. type of material 

| | a sequence listing 

| | table(s) related to the sequence listing 

b. format of material 

| | in written format

| | in computer readable form

c. time of filing/furnishing

fj| contained in international application as filed. 

| | filed together with the international application in computer readable form. 
| | furnished subsequently to this Authority for the purposes of search. 



3. | | In addition, in the case that more than one version or copy of a sequence listing and/or table relating thereto has been
filed or furnished, the required statements that the information in the subsequent or additional copies is identical to that in 
the application as filed or does not go beyond the application as filed, as appropriate, were furnished. 

4. Additional comments: 
Box No. V Reasoned statement under Rule 43bis.1(a)(i) with regard to novelty, inventive step or industrial
applicability; citations and explanations supporting such statement 



1. Statement 

Novelty (N)                      Claims 9, 10, 15, 16, and 18-20      YES
                                 Claims 1-8, 11-14, 17, 21, and 22    NO

Inventive step (IS)              Claims NONE                          YES
                                 Claims 1-22                          NO

Industrial applicability (IA)    Claims 1-22                          YES
                                 Claims NONE                          NO



2. Citations and explanations: 
Please See Continuation Sheet 
The following defects in the form or contents of the international application have been noted:

The drawings are objected to under PCT Rule 2SS!£2l£^ «* »™ 15 °> ,S2 «

"plurality" in line 1, insert --of--.
Box No. VIII Certain observations on the international application



The following observations on the clarity of the claims, description, and drawings or on the question whether the claims are fully
supported by the description, are made:

ssrs rsr*^ri ^ ^ " m "" !d " , " ""' 

workstation coupled via a computer network, 
in the claim. 
V. 2. Citations and Explanations:

Claims 1-8, 11-14, 17, 21, and 22 lack novelty under PCT Article 33(2) as being anticipated by Ensor et al., U.S. Patent No.
5,721,780 A.

As per claims 1 and 21, Ensor et al. illustrate a method and computer readable medium for providing security to a computer network
by monitoring the physical location of a network login or login attempt, comprising: 

associating a workstation to a physical location (see column 4, lines 19-25; figure 1, items 110 and 112; a terminal device for a home 
subscriber station connected by a telephone jack and line); 

associating a network user to the workstation (see column 3, lines 62-67; a user who has a particular subscriber terminal); 

monitoring a computer network to determine a network login or attempted login of the user (see column 4, lines 40-59; receiving from 
the network a unique, network coupling identifier for the particular terminal when the subscriber attempts to gain access to the 
network); 

determining a physical location of the login or attempted login (see column 4, lines 51-63; figure 1, item 112 and 122; determining the
location of the terminal from the unique, network coupling identifier associated with the dedicated telephone line coupling the terminal
to the network); and 

determining whether the user is authorized to access the network from the physical location of the login or attempted login (see 
column 5, lines 54-67; column 6, lines 1-6; figure 1, items 110, 112, 126, and 114; the transaction manager compares the newly
encrypted password with the retrieved password where two nonidentical passwords indicate an unauthorized login attempt and two 
identical passwords indicate successful authentication for the subscriber to access the network at the dedicated telephone line). 

As per claim 2, Ensor et al. then point out:

determining whether preventative action is necessary (see column 5, lines 58-60; figure 1, item 114; comparing if the newly encrypted
password is identical to the retrieved password), and

if so (see column 5, lines 60-61; if the two passwords are not identical), automatically initiating preventative action (see column 5,
lines 60-66; figures 110, 112, and 126; sending an error message to the subscriber that the authentication has failed).
Supplemental Box

In case the space in any of the preceding boxes is not sufficient.

As per claim 3, Ensor et al. further describe:

generating an alert (see column 5, lines 60-66; figures 110, 112, and 126; sending an error message to the subscriber that the
authentication has failed).

As per claim 4, Ensor et al. additionally mention: 

disconnecting the workstation from the network (see column 6, line 1; the modem connection is terminated).
As per claim 5, Ensor et al. then discuss: 

computer network from an unauthorized location (see column 5, lines

unauthorized location for the subscriber).
As per claim 6, Ensor et al. moreover elaborate:

of the telephone number of the particular terminal). 
As per claim 7, Ensor et al. next describe:

^4 a, common** U. of p«wor* S« «*■»» »• «~ JW. " P""" „ 

As per claim 8, Ensor et al. also specify:

workstation information including the 'jZll^Vy^r an

updating the corresponding list of passwords by mc ^^"^^mes 51-63; figure 1, item 112 and 122; where the unique,

As per claim 11, Ensor et al. then point out:

associating a network user to the workstation (see column 3, lines 62-67; a user who has a particular subscriber terminal).

As per claim 12, Ensor et al. illustrate a method for providing security to a computer network by monitoring the network login or
login attempt from a particular workstation, comprising:

associating a workstation to a physical location (see column 4, lines 19-25; figure 1, items 110 and 112; a terminal device for a home
subscriber station connected by a telephone jack and line);

associating a network user to the workstation (see column 3, lines 62-67; a user who has a particular subscriber terminal);
network);

determining which workstation the login or attempted login is generated from (see column 5, lines 41-66; figure 1, items 110, 112,

and 126; figure 3, step 350; comparison of newly encrypted password stored in the database with the password retrieved from the
«nS'S^nnine\ match or mismatch between the terminal and the dedicated telephone line); and

determining whether the user is authorized to access the network from the workstation of the login or attempted login (see column 5,
manager compares the newly encrypted
password with the retrieved password where two nonidentical passwords indicate an unauthorized login attempt and two identical
passwords where the subscriber is authorized to access the network from the terminal at the
dedicated telephone line).

As per claim 13, Ensor et al. illustrate a network security system for a plurality of workstations coupled via a local area network, 
comprising: 

,w,mni c storage for associating the workstations to a user and a physical location (see column 5, lines 3-21; figure 1
tSlm. S TJ£n££wK* passwords resulting from telephone numbers used to identify registered accounts for all terminals
stored in the service bureau internal database for a subscriber);

one or more processors for receiving login information from the workstations login (see column 4, lines 51-63; figure 1, item 112 and
from the terminal at the dedicated telephone line).



As per claim 14, Ensor et al. further describe:

generating an alert based on the determination (see column 5, lines 60-66; figures 110, 112, and 126; sending an error message to the
subscriber that the authentication has failed).



As per claim 17, Ensor et al. moreover point out:

that the alert comprises a termination signal (see column 5, lines 50-54; figure 3, step 330; instructing the network to terminate the
modem connection to disconnect the subscriber from the network).

line into a telephone network), comprising: 

call to the service bureau); and 
telephone number); 

where the system determines whether the user access the network from the j^^J^^ff

login (see ^^~J£ ^^^^ i^^'^^ ■"*«■ - ^ » nd 

dSgZ^^I^ for the subscriber to access the network at the dedicated telephone line).
Claims 8-10 lack an inventive step under PCT Article 33(3) as being obvious over the Ensor et al., U.S. Patent No. 5,721,780 A as
applied to claim 1 and further in view of Kondo et al., U.S. Patent No. 5,684,957 A.

As per claim 8, Ensor et al. specify workstation information including the jack or outlet information (see column 6, lines 26-42; figure
1, item 7 108 112; updating the corresponding list of passwords by encrypting the network coupling identifier using a
different encryption key after an initial password authentication for a selected terminal; see column 4, lines 51-63; figure 1, item 112
and 122; where the unique, network coupling identifier is associated with the dedicated telephone line coupling the terminal to the
network). However, they do not describe the other details. Kondo et al. point out the date and time of each successful login (see
column 17, lines 36-45; figure 14, items 1403; login times), domain address (see column 17, lines 36-45; figure 14, items 1401;
namTo v"S K. column 17, lines 48-53; figure 15, item 1502; employed for login procedures), and information
regarding which network resources were accessed (see column 19, lines 1-4; figure 19; accesses history information including names
of files, access users, access process, and date and time of access). Therefore, it would have been obvious to one of ordinary skill in
the computer art at the time the invention was made to combine the method of Ensor et al. with the date and time of each successful
login, domain address, and information regarding which network resources were accessed of Kondo et al. to provide a network
management system the capability of early detection of an unauthorized entry from outside and unauthorized use from inside by
determining the status of accesses to a network device by leaving a record of accesses (see column 4, lines 60-67 and column 5, lines
1-4).



As per claim 9, Ensor et al. teach the method of claim 1. However, they do not explicitly show an event log. Kondo et al. describe
Therefore, it would have been obvious to one of ordinary
skill in the computer art at the time the invention was made to combine the method of Ensor et al. with the event log of Kondo et al. to
provide a network management system the capability of early detection of an unauthorized entry from outside and unauthorized use
from inside by determining the status of accesses to a network device by leaving a record of accesses (see column 4, lines 60-67 and
column 5, lines 1-4).



As per claim 10, Kondo et al. further elaborate: 

that the event log comprises information regarding the physical location of the login or attempted login (see column 17, lines 36-41;
figure 14, item 1402; names of login terminals; see column 12; lines 50-59; where the physical position of the named login terminal is
assigned in a map database) and information regarding the user (see column 17, lines 36-41; figure 14, item 1400; names of login
users). Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the invention was made to
combine the method of Ensor et al. with the event log of Kondo et al. to provide a network management system the capability of early
detection of an unauthorized entry from outside and unauthorized use from inside by determining the status of accesses to a network
device by leaving a record of accesses (see column 4, lines 60-67 and column 5, lines 1-4).

Claims 15-16 lack an inventive step under PCT Article 33(3) as being obvious over the Ensor et al., U.S. Patent No. 5,721,780 A as
applied to claim 14 and further in view of Day, U.S. Patent No. 6,311,274 B1.

As per claim 15, Ensor et al. describe the system of claim 14. However, they do not explicitly teach an email notification. Day
illustrates that an alert includes an email notification (see column 2, lines 65-67 and column 3, lines 1-20; sending an e-mail message
S a£ «S "is met). Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the
invention was made to combine the system of Ensor et al. with the email notification of Day to prevent an unauthorized party
masquerading as a party authorized to send alerts and prevent unauthorized disclosure or modification of information contained in the
alert (see column 1, lines 52-60).

As per claim 16, Day further describes: 

that the alert comprises a pager notification (see column 5, lines 32-37; an alert action comprising sending a message to a pager).
Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the invention was made to combine the
system of Ensor et al. with the pager notification of Day to send the alert to a person as a recipient of the alert meant to receive such
information (see column 5, lines 42-45).

Claims 18-20 lack an inventive step under PCT Article 33(3) as being obvious over the Ensor et al., U.S. Patent No. 5,721,780 A as
applied to claim 14 and further in view of Kondo et al., U.S. Patent No. 5,684,957 A.
As per claim 18, Ensor et al. teach the system of claim 14. However, they do not explicitly show an event log. Kondo et al. describe
an event log (see column 17, lines 36-48; figure 14; a login records table). Therefore, it would have been obvious to one of ordinary 
skill in the computer art at the time the invention was made to combine the system of Ensor et al. with the event log of Kondo et al. to 
provide a network management system the capability of early detection of an unauthorized entry from outside and unauthorized use 
from inside by determining the status of accesses to a network device by leaving a record of accesses (see column 4, lines 60-67 and
column 5, lines 1-4). 



As per claim 19, Kondo et al. then discuss: 

that the event log comprises a time of the access (see column 17, lines 36-45; figure 14, items 1403 and 1404; login times and logout 
times). Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the invention was made to 
combine the system of Ensor et al. with the event log of Kondo et al. to provide a network management system the capability of early 
detection of an unauthorized entry from outside and unauthorized use from inside by determining the status of accesses to a network 
device by leaving a record of accesses (see column 4, lines 60-67 and column 5, lines 1-4). 

As per claim 20, Kondo et al. further elaborate: 

that the event log comprises information regarding the physical location of the login or attempted login (see column 17, lines 36-41; 
figure 14, item 1402; names of login terminals; see column 12; lines 50-59; where the physical position of the named login terminal is 
assigned in a map database) and information regarding the user (see column 17, lines 36-41; figure 14, item 1400; names of login
users). Therefore, it would have been obvious to one of ordinary skill in the computer art at the time the invention was made to 
combine the system of Ensor et al. with the event log of Kondo et al. to provide a network management system the capability of early 
detection of an unauthorized entry from outside and unauthorized use from inside by determining the status of accesses to a network 
device by leaving a record of accesses (see column 4, lines 60-67 and column 5, lines 1-4). 



Claims 1-22 meet the criteria set out in PCT Article 33(4), and thus have industrial applicability because the subject matter claimed 
can be made or used in industry to prevent unlawful or unauthorized activities by an otherwise authorized network user (see 
description, page 2, ¶¶ [005]-[006]).